Skip to Content


January 3, 2023 by in Hot Issues

By: Jamie Rauch

On December 19, 2022, the U.S. Federal Trade Commission (the “FTC”) announced record monetary fines of five hundred twenty million dollars ($520,000,000) against Epic Games, Inc. (“Epic Games”), the creator of the hugely successful video game Fortnite, based upon violations of: (i) The Children’s Online Privacy Protection Act (“COPPA”); and (ii) the FTC rule against unfair or deceptive business practices.[1] These fines – and the offensive conduct by Epic Games – could have been easily avoided. This case represents a cautionary tale for gaming companies and other companies that offer online games and apps to children.

  1. Epic Games’ COPPA Violations. The FTC charged EPIC Games with violating COPPA by collecting personal information through Fortnite from children under the age of 13, without obtaining verifiable parental consent as required by COPPA.[2] Insofar as Fortnite’s voice and text chat default settings were not private and difficult to change, any player’s voice and communications, including those of underage children, were automatically accessible to every other user.[3] These practices resulted in significant harm to children and teenagers, including sexual harassment, bullying, threats, and exposure to violent and traumatizing subject matter.[4]


  1. Epic Games’ Deceptive and Misleading Trade Practices. In addition to COPPA violations, Epic Games was charged with engaging in a lengthy history of unlawful and deceitful billing practices, despite repeated complaints and concerns voiced by consumers and employees. Epic Games’ use of various illegal dark pattern tactics, like Fortnite’s counterintuitive and confusing button configuration, was aimed at inducing underage consumers to make unintended in-game purchases, all without first obtaining parental consent.[5] Epic Games then doubled down on any customers that disputed the unauthorized charges by threatening such customers with a lifetime Fortnite ban.[6] These practices resulted in millions of users continually facing unauthorized charges.[7]


  1. Injunctive Relief. Epic Games is also subject to injunctive actions to ensure that it will eliminate any potential for a repeat of the unlawful actions for which it was charged.[8] Such injunctive relief: (i) prohibits the use of voice and text communications for children and teens without first obtaining parental consent; (ii) mandates the deletion of any users’ personal information previously collected in violation of COPPA parental notice and consent rules; (iii) requires the creation of a comprehensive privacy program addressing the issues central to the FTC’s complaints, to be routinely independently assessed;[9] and (iv) prohibits use of dark patterns to charge its consumers without their consent and bars the company from denying or preventing consumers from accessing their accounts on the basis of having disputed unauthorized charges.[10]


  1. Ongoing Reporting and Compliance Requirements. Epic Games also faces long-term compliance reporting and disclosure requirements to the U.S. Government.[11] Such compliance requirements include: (i) providing all Epic Games current and future principals, officers, directors and employees with a copy of the Consent Order, with each individual subsequently providing an acknowledgement of receipt, for twenty (20) years;[12] (ii) reporting to the government on measures adopted to comply with the Consent Order;[13] (iii) long term reporting of internal company activities; and (iv) maintaining records evidencing the company’s ongoing compliance on demand by the government.[14]


Epic Games’ hefty fines and intrusive (and costly) compliance obligations should give pause to every company engaging in online sales of games and other products to children. If you offer online products and services to children, and you have not prioritized compliance with state and federal privacy requirements, you are at risk of fines and injunctive relief by the state and federal authorities. Even if you have implemented required policies, but do not ensure employee compliance with such policies, you are still at risk.


SLG has extensive experience advising clients regarding unfair and deceptive acts and practices and online privacy protections in the context of COPPA and FTC rules, laws, and guidelines. To schedule a complimentary consultation, please contact SLG at


[1] See December 19, 2022 FTC Press Release at (the “Press Release”).

[2] See FTC Complaint at (the “Complaint”).

[3] Id. at ¶ 2.

[4] Id. at ¶ 3.

[5] Id. at ¶ 17.

[6] Id. at ¶ 18-25.

[7] See Administrative Complaint at

[8] See Stipulated Order at

[9] Id. at §§ 1-2, 4.

[10] See Consent Order at §§ 1-2.

[11] See Consent Order at (the “Consent Order”).

[12] Id. at § 6(B).

[13] Id. at § 7(A).

[14] Id. at § 7(B); §§8- 9.

Free Consultation

This slideout can include a call-to-action or a quick scroll back to the top.

Scroll to Top